From: Steffen Klassert <steffen.klassert@secunet.com>
To: David Miller <davem@davemloft.net>, Jakub Kicinski <kuba@kernel.org>
Cc: Herbert Xu <herbert@gondor.apana.org.au>,
Steffen Klassert <steffen.klassert@secunet.com>,
<netdev@vger.kernel.org>
Subject: [PATCH 0/7] pull request (net): ipsec 2023-05-16
Date: Tue, 16 May 2023 07:23:58 +0200 [thread overview]
Message-ID: <20230516052405.2677554-1-steffen.klassert@secunet.com> (raw)
1) Don't check the policy default if we have an allow
policy. Fix from Sabrina Dubroca.
2) Fix netdevice refount usage on offload.
From Leon Romanovsky.
3) Use netdev_put instead of dev_puti to correctly release
the netdev on failure in xfrm_dev_policy_add.
From Leon Romanovsky.
4) Revert "Fix XFRM-I support for nested ESP tunnels"
This broke Netfilter policy matching.
From Martin Willi.
5) Reject optional tunnel/BEET mode templates in outbound policies
on netlink and pfkey sockets. From Tobias Brunner.
6) Check if_id in inbound policy/secpath match to make
it symetric to the outbound codepath.
From Benedict Wong.
Please pull or let me know if there are problems.
Thanks!
The following changes since commit 24e3fce00c0b557491ff596c0682a29dee6fe848:
net: stmmac: Add queue reset into stmmac_xdp_open() function (2023-04-05 19:02:56 -0700)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec.git tags/ipsec-2023-05-16
for you to fetch changes up to 8680407b6f8f5fba59e8f1d63c869abc280f04df:
xfrm: Check if_id in inbound policy/secpath match (2023-05-10 07:56:05 +0200)
----------------------------------------------------------------
ipsec-2023-05-16
----------------------------------------------------------------
Benedict Wong (1):
xfrm: Check if_id in inbound policy/secpath match
Leon Romanovsky (2):
xfrm: release all offloaded policy memory
xfrm: Fix leak of dev tracker
Martin Willi (1):
Revert "Fix XFRM-I support for nested ESP tunnels"
Sabrina Dubroca (1):
xfrm: don't check the default policy if the policy allows the packet
Tobias Brunner (2):
xfrm: Reject optional tunnel/BEET mode templates in outbound policies
af_key: Reject optional tunnel/BEET mode templates in outbound policies
net/key/af_key.c | 12 ++++++----
net/xfrm/xfrm_device.c | 2 +-
net/xfrm/xfrm_interface_core.c | 54 ++++--------------------------------------
net/xfrm/xfrm_policy.c | 20 +++++-----------
net/xfrm/xfrm_user.c | 15 ++++++++----
5 files changed, 29 insertions(+), 74 deletions(-)
next reply other threads:[~2023-05-16 5:24 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-05-16 5:23 Steffen Klassert [this message]
2023-05-16 5:23 ` [PATCH 1/7] xfrm: don't check the default policy if the policy allows the packet Steffen Klassert
2023-05-17 4:00 ` patchwork-bot+netdevbpf
2023-05-16 5:24 ` [PATCH 2/7] xfrm: release all offloaded policy memory Steffen Klassert
2023-05-16 5:24 ` [PATCH 3/7] xfrm: Fix leak of dev tracker Steffen Klassert
2023-05-16 5:24 ` [PATCH 4/7] Revert "Fix XFRM-I support for nested ESP tunnels" Steffen Klassert
2023-05-16 5:24 ` [PATCH 5/7] xfrm: Reject optional tunnel/BEET mode templates in outbound policies Steffen Klassert
2023-05-16 5:24 ` [PATCH 6/7] af_key: " Steffen Klassert
2023-05-16 5:24 ` [PATCH 7/7] xfrm: Check if_id in inbound policy/secpath match Steffen Klassert
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230516052405.2677554-1-steffen.klassert@secunet.com \
--to=steffen.klassert@secunet.com \
--cc=davem@davemloft.net \
--cc=herbert@gondor.apana.org.au \
--cc=kuba@kernel.org \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.